Commit 86e249bf authored by Łukasz Nowak's avatar Łukasz Nowak

Security fix: check Assignment in case of Person.

parent 8c89b14e
...@@ -44,6 +44,7 @@ from Products.ERP5Security.ERP5UserManager import SUPER_USER ...@@ -44,6 +44,7 @@ from Products.ERP5Security.ERP5UserManager import SUPER_USER
from ZODB.POSException import ConflictError from ZODB.POSException import ConflictError
from Products.ERP5Security.ERP5GroupManager import ConsistencyError, NO_CACHE_MODE from Products.ERP5Security.ERP5GroupManager import ConsistencyError, NO_CACHE_MODE
from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Security.ERP5UserManager import getValidAssignmentList
# some usefull globals # some usefull globals
LOGGABLE_PORTAL_TYPE_LIST = ["Person", "Computer", "Software Instance"] LOGGABLE_PORTAL_TYPE_LIST = ["Person", "Computer", "Software Instance"]
...@@ -130,6 +131,10 @@ class SlapOSShadowAuthenticationPlugin(BasePlugin): ...@@ -130,6 +131,10 @@ class SlapOSShadowAuthenticationPlugin(BasePlugin):
user_list = self.getUserByLogin(login) user_list = self.getUserByLogin(login)
if len(user_list) != 1: if len(user_list) != 1:
return None return None
user = user_list[0]
if user.getPortalType() == 'Person':
if len(getValidAssignmentList(user)) == 0:
return None
return (login, login) return (login, login)
def getUserByLogin(self, login): def getUserByLogin(self, login):
......
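Review bot: The new assignment gate applies only when `user.getPortalType() == 'Person'`, while `LOGGABLE_PORTAL_TYPE_LIST` also allows `Computer` and `Software Instance`, and nothing visible in this hunk applies an equivalent validity check to those two types. If that is intentional because they have no assignments, say so in a comment above the check, e.g. `# Persons must hold a valid Assignment to log in; Computer and Software Instance have none`. Otherwise an invalidated document of those types would presumably still authenticate here. The two nested conditions can also be written as one guard, `if user.getPortalType() == 'Person' and not getValidAssignmentList(user):` followed by `return None`. The enclosing method starts outside the hunk, so it is not visible whether its result is cached. If it is, a revoked assignment would keep working until the cache entry expires, which is worth confirming.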